Understanding Phishing and How my ULID Account was Compromised

Last modified 9/14/2023

Phishing campaigns come through various communication methods including email and phone calls. These communications pose as a message claiming to be from a trusted source and are designed to capture personal information including login usernames and passwords. More serious phishing campaigns will attempt to retrieve your credit card or bank account information. 

Phishing Emails  

In the recent past, Illinois State has been targeted by phishing scam emails. These phishing emails instruct you to reply and include your username and password. They typically say something like this: “Failure to do this will immediately render your email address deactivated from our database. 

For more information, review How to Recognize Phishing Emails Targeting Illinois State University.

Phishing Calls 

Phishing can come in the form of phone calls as well as email. 

A phishing caller may pretend they are from Microsoft or your IT department and may ask you to provide account details or convince you to visit a website that will give them remote control of your computer. They may make threats like claiming your computer has a virus and action must be taken immediately. 

How Does an Account Get Compromised and What Happens?

If your ULID account becomes compromised as the result of phishing, action will be taken to secure your account starting with your account being locked. You will need to contact the Technology Support Center to unlock and finish securing your account.  

You Gave Someone Your Password 

When you replied to an email with your username and password or gave that information over the phone, you sent that information to a phishing scammer. The scammer now has access to your account. This is called a “compromised account.” 

Spam is Sent from Your Account 

Once the phishing scammer gains access to your account, he or she logs into your Microsoft 365 email and uses your account to send more spam. Hundreds or thousands of spam messages might be sent from your email account. 

Compromised Account Detection 

The mail server detects compromised email accounts, such as those being used by phishing spammers. If your account has been compromised by a phishing scam, action will be taken to secure your account. 

Action Taken on Your Account 

You will lose access to email and your account will be locked. To regain access, you must change your password. You will receive an email notification to your Illinois State University and third-party email address on file, which discusses your compromised account and includes important information on how to resolve the problem.  

How to Get Help